More than 10 million individuals hit in single data breach, report reveals

A report by the Office of the Australian Information Commissioner (OAIC), also announced the number of data breaches reported has dropped to 215.

The latest quarterly data breach report from the Office of Australian Information Commissioner (OAIC) revealed that over 10 million individuals had their information compromised in one single incident.

It was also revealed that between January 1 2019 and March 21 2019, the OAIC received 215 data breach notifications, which is a significant drop from the 262 reported between October and December 2018. Of the 215 data breaches reported, 61% (131) were due to malicious or criminal attacks including phishing, malware or ransomware.

A further 35% (75) of the breaches were attributed to human error, such as sending personal information to the wrong recipients via email, or lost of paperwork or storage device. In this latest quarter, data breaches involving human error resulted in 36,993 individuals being impacted.

The report also revealed that from January to March 2019, the private health sector had reported the most data breaches under the Australian Notifiable Data Breach Scheme with 58 NDBs received by the OAIC. Human error was found to be the largest data source of data breaches at 52%, while malicious or criminal activity were the second largest source of data breaches.

In comparison to the finance sector, malicious or criminal attacks were the cause of most data breaches, and the most notifications to the OAIC with 16 NDBs. The attacks include cyber incidents such as phishing emails to obtain credentials, the hacking of systems and even a rogue employee improperly accessing or disclosing personal information.

The OAIC have stated that this is the last quarterly report on the NDB Scheme to be released, with the OAIC planning to release a report every six months instead. This follows concerns that the OAIC is under resourced.